Package software.amazon.awscdk.services.iam

Interface PolicyProps

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
PolicyProps.Jsii$Proxy
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:29:57.357Z") @Stability(Stable) public interface PolicyProps extends software.amazon.jsii.JsiiSerializable
Properties for defining an IAM inline policy document.

Example: 

 Function postAuthFn;
 UserPool userpool = UserPool.Builder.create(this, "myuserpool")
         .lambdaTriggers(UserPoolTriggers.builder()
                 .postAuthentication(postAuthFn)
                 .build())
         .build();
 // provide permissions to describe the user pool scoped to the ARN the user pool
 postAuthFn.role.attachInlinePolicy(Policy.Builder.create(this, "userpool-policy")
         .statements(List.of(PolicyStatement.Builder.create()
                 .actions(List.of("cognito-idp:DescribeUserPool"))
                 .resources(List.of(userpool.getUserPoolArn()))
                 .build()))
         .build());

  • Method Details

    • getDocument

      @Stability(Stable) @Nullable default PolicyDocument getDocument()
      Initial PolicyDocument to use for this Policy.

      If omited, any PolicyStatement provided in the statements property will be applied against the empty default PolicyDocument.

      Default: - An empty policy.

    • getForce

      @Stability(Stable) @Nullable default Boolean getForce()
      Force creation of an AWS::IAM::Policy.

      Unless set to true, this Policy construct will not materialize to an AWS::IAM::Policy CloudFormation resource in case it would have no effect (for example, if it remains unattached to an IAM identity or if it has no statements). This is generally desired behavior, since it prevents creating invalid--and hence undeployable--CloudFormation templates.

      In cases where you know the policy must be created and it is actually an error if no statements have been added to it, you can set this to true.

      Default: false

    • getGroups

      @Stability(Stable) @Nullable default List<IGroup> getGroups()
      Groups to attach this policy to.

      You can also use attachToGroup(group) to attach this policy to a group.

      Default: - No groups.

    • getPolicyName

      @Stability(Stable) @Nullable default String getPolicyName()
      The name of the policy.

      If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.

      Default: - Uses the logical ID of the policy resource, which is ensured to be unique within the stack.

    • getRoles

      @Stability(Stable) @Nullable default List<IRole> getRoles()
      Roles to attach this policy to.

      You can also use attachToRole(role) to attach this policy to a role.

      Default: - No roles.

    • getStatements

      @Stability(Stable) @Nullable default List<PolicyStatement> getStatements()
      Initial set of permissions to add to this policy document.

      You can also use addStatements(...statement) to add permissions later.

      Default: - No statements.

    • getUsers

      @Stability(Stable) @Nullable default List<IUser> getUsers()
      Users to attach this policy to.

      You can also use attachToUser(user) to attach this policy to a user.

      Default: - No users.

    • builder

      @Stability(Stable) static PolicyProps.Builder builder()
      Returns:
      a PolicyProps.Builder of PolicyProps